Photo Verify

Chain of Custody Signature Tool

Home Sign Check Lookup Update API Keys Feedback Log in GDPR

GDPR Compliance

Data Controller

The operator of this website is the data controller for any personal data collected through the service. If you have questions about your data, please use the Feedback tab to contact the site administrator.

What Data We Collect

When you register for an account, we collect your email address and the name you provide. The email address is used as your login identifier and as a contact address for account-related communication (verification email, password reset). The name is displayed alongside signatures you create in the chain of custody records.

When you submit the feedback form, we collect the name, email address, and message you enter. These are forwarded to the site administrator via email and are not stored in the website database.

No other personal data is processed. We do not use analytics services, tracking cookies, advertising, or third-party data processors. The website does not log IP addresses or browser fingerprints beyond what your HTTP client automatically sends in request headers.

Legal Basis

The processing of your email address and name for account management is necessary for the performance of the contract (providing the chain of custody signing service). The processing of feedback form data is based on your consent, given when you submit the form.

Data Retention

Your account data (email, name) is retained for as long as your account exists. Signature records are kept indefinitely as they form part of an auditable chain of custody. You can request deletion of your account and personal data via the Feedback tab.

Your Rights

Under the General Data Protection Regulation you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate data.
  • Right to erasure — request deletion of your account and personal data.
  • Right to restrict processing — request limitation of data processing.
  • Right to data portability — request a machine-readable export of your data.
  • Right to object — object to the processing of your personal data.

To exercise any of these rights, use the Feedback tab or contact the site administrator directly.

Data Security

Passwords are stored as bcrypt hashes. Communications between your browser and this website are encrypted via HTTPS. The database is accessible only to the web application and authorised administrators.

Third-Party Data Sharing

We do not sell, rent, or share your personal data with third parties. Emails sent through the feedback form are delivered via the configured SMTP relay and are not stored on the website.

Cookies

This website uses a session cookie (PHPSESSID) that is strictly necessary for authentication. No tracking, analytics, or advertising cookies are used.

Changes to This Policy

Any changes to this GDPR compliance statement will be posted on this page. Continued use of the service after changes constitutes acceptance of the updated policy.

Last updated: June 2026

Chain of Custody — SHA-256 image authentication